diff --git a/terraform/environments/production/dns.tf b/terraform/environments/production/dns.tf
index b1496a49d..05deeebb3 100644
--- a/terraform/environments/production/dns.tf
+++ b/terraform/environments/production/dns.tf
@@ -155,6 +155,19 @@ resource "google_dns_record_set" "google-dkim" {
 
 # Oneleet Trust page
 
+resource "google_dns_record_set" "trust-dns-caa" {
+  project      = module.google-cloud-project.project.project_id
+  managed_zone = module.google-cloud-dns.zone_name
+
+  type = "CAA"
+  name = "trust.${module.google-cloud-dns.dns_name}"
+  rrdatas = [
+    "0 issue \"letsencrypt.org\"",
+    "0 iodef \"mailto:security@firezone.dev\""
+  ]
+  ttl = 3600
+}
+
 resource "google_dns_record_set" "oneleet-trust" {
   project      = module.google-cloud-project.project.project_id
   managed_zone = module.google-cloud-dns.zone_name